The Aadhar card has been a hotly debated topic in India over the last couple of years. The Government has been pushing for the mandatory linking of citizens’ Aadhar numbers with a whole host of things ranging from bank accounts to Government subsidies.
However, the security and privacy of the Aadhar system has been heavily questioned. There have been several reported leaks and security issues in the recent past, and we’re linking to just a few of them here :
Rs 500, 10 minutes, and you have access to billion Aadhaar details
Aadhaar faces yet another data leak allowing access to personal data to “all” enrolled in the system: Report
Aadhaar privacy row: SC raps govt as 134,000 Indians’ data leaked
The move to create, access and link the Aadhar database has sparked privacy violation concerns among some activists and campaigners. More than two dozen petitions were filed in the Supreme Court challenging the constitutional validity of Aadhaar and the verdict was reserved after hearings concluded in May.
Many in the Government, UIDAI and the telecom industry have vehemently defended the security features of Aadhar. TRAI chairman, R.S. Sharma is among them. In an attempt to prove the solidity of the system he tweeted an open challenge:
My Aadhaar number is 7621 7768 2740
Now I give this challenge to you: Show me one concrete example where you can do any harm to me!— RS Sharma (@rssharma3) July 28, 2018
Within a few hours, French security researcher, Elliot Alderson replied with the phone number linked to the given Aadhar number.
The phone number linked to this #Aadhaar number is 9958587977 https://t.co/ijlxGBBl4Z
— Elliot Alderson (@fs0c131y) July 28, 2018
But Alderson, who describes himself in his Twitter profile as the “worst nightmare of Oneplus, Wiko, UIDAI, Kimbho and others” wasn’t done there. Soon he had published his home address, date of birth, Whatsapp profile picture, email ID, alternate email ID and more.
Another user, @Samthespartan2 came up with the screenshot of Mr. Sharma’s PAN application.
— Sam the Spartan (@Samthespartan2) July 28, 2018
However, Alderson did seem to slip up when he said that the Aadhar number was not linked to any bank account. R.S. Sharma claimed that he had all his bank accounts linked to Aadhar. He also made the point that his date of birth and address are no state secret and have already been available on the Government of India portals for 40 years.
Eventually Alderson tweeted, “People managed to get your personal address, DoB and your alternate phone number. I stop here, I hope you will understand why make your Aadhaar number public is not a good idea.”
People managed to get your personal address, dob and your alternate phone number.
I stop here, I hope you will understand why make your #Aadhaar number public is not a good idea pic.twitter.com/IVrReb4xIM
— Elliot Alderson (@fs0c131y) July 28, 2018
Alderson also had 1 final warning for Mr. Sharma :
You probably need to change your gmail account password @rssharma3 #JustSaying
— Elliot Alderson (@fs0c131y) July 28, 2018